From 70c7d5536ea2f3a5a7c7b16796a659cc42b9ce7a Mon Sep 17 00:00:00 2001 From: Jan Orel Date: Fri, 16 Nov 2018 10:23:43 +0100 Subject: [PATCH] B #2479 Always downcase username in LDAP auth driver (#2562) --- src/authm_mad/remotes/ldap/authenticate | 2 +- src/onedb/fsck/user.rb | 16 +++++++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/src/authm_mad/remotes/ldap/authenticate b/src/authm_mad/remotes/ldap/authenticate index eb39ff0481..7ba956c815 100755 --- a/src/authm_mad/remotes/ldap/authenticate +++ b/src/authm_mad/remotes/ldap/authenticate @@ -126,7 +126,7 @@ order.each do |name| # authentication success group_list = groups.join(' ') - escaped_user = URI_PARSER.escape(user) + escaped_user = URI_PARSER.escape(user).strip.downcase escaped_secret = URI_PARSER.escape(user_name) puts "ldap #{escaped_user} #{escaped_secret} #{group_list}" diff --git a/src/onedb/fsck/user.rb b/src/onedb/fsck/user.rb index 5ef585ba5e..ba12b11c14 100644 --- a/src/onedb/fsck/user.rb +++ b/src/onedb/fsck/user.rb @@ -10,10 +10,12 @@ module OneDBFsck @fixes_user = users_fix = {} - @db.fetch("SELECT oid,body,gid FROM user_pool") do |row| + name_seen = {} + @db.fetch("SELECT oid,body,gid,name FROM user_pool") do |row| doc = Nokogiri::XML(row[:body],nil,NOKOGIRI_ENCODING){|c| c.default_xml.noblanks} gid = doc.root.at_xpath('GID').text.to_i + auth_driver = doc.root.at_xpath('AUTH_DRIVER').text user_gid = gid user_gids = Set.new @@ -76,6 +78,18 @@ module OneDBFsck users_fix[row[:oid]] = {:body => doc.root.to_s, :gid => user_gid} end + + if auth_driver == 'ldap' + if ! name_seen[row[:name].downcase] + name_seen[row[:name].downcase] = [row[:oid] , row[:name]] + else + log_error( + "User id:#{row[:oid]} has conficting name #{row[:name]}, "<< + "another user id:#{name_seen[row[:name].downcase][0]} "<< + "with name #{name_seen[row[:name].downcase][1] } is present", + repaired=false) + end + end end end